Convert CSS to inline style.

Expected

1. On admin screen, type user name
2. Incremental search recommends user list.
3. Click user name.
4. token will be added to recipients list.

Actual

On step 3, recipent is not added.

WordPress has some transaction emails.

• When a new user is registered.
• When users lost their passwords.
• When users restore their passwords.

Allow users to change them or send originals.

• Send an email if a user finished his first shopping.
• Send an email if a user keeping not logged in for a while.

Creating marketing automatically.

• Create marketing and sync with ID.
• List all makering group.
• Template selector.
• Preview feature.
• When a post is published, the marketing mail will be sent.

There are issues with your plugin code preventing it from being approved immediately. We have pended your submission in order to help you correct all issues so that it may be approved and published.

We ask you read this email in its entirety, address all listed issues, and reply to this email with your corrected code attached (or linked). You have 6 months to make all corrections, before your plugin will be rejected. Even so, as long as you reply to this email, we will be able to continue with your review and eventually publish your code.

Remember in addition to code quality, security and functionality, we require all plugins adhere to our guidelines. If you have not yet, please read them:

https://developer.wordpress.org/plugins/wordpress-org/detailed-plugin-guidelines/

We know it can be long, but you must follow the directions at the end as not doing so will result in your review being delayed. It is required for you to read and reply to these emails, and failure to do so will result in significant delays with your plugin being accepted.

Finally, should you at any time wish to alter your permalink (aka the plugin slug), you must explicitly tell us what you want it to be. Just changing the display name is not sufficient, and we require to you clearly state your desired permalink. Remember, permalinks cannot be altered after approval.

Be aware that you will not be able to submit another plugin while this one is being reviewed.

Data Must be Sanitized, Escaped, and Validated

When you include POST/GET/REQUEST/FILE calls in your plugin, it's important to sanitize, validate, and escape them. The goal here is to prevent a user from accidentally sending trash data through the system, as well as protecting them from potential security issues.

SANITIZE: Data that is input (either by a user or automatically) must be sanitized as soon as possible. This lessens the possibility of XSS vulnerabilities and MITM attacks where posted data is subverted.

VALIDATE: All data should be validated, no matter what. Even when you sanitize, remember that you don’t want someone putting in ‘dog’ when the only valid values are numbers.

ESCAPE: Data that is output must be escaped properly when it is echo'd, so it can't hijack admin screens. There are many esc_*() functions you can use to make sure you don't show people the wrong data.

To help you with this, WordPress comes with a number of sanitization and escaping functions. You can read about those here:

https://developer.wordpress.org/plugins/security/securing-input/
https://developer.wordpress.org/plugins/security/securing-output/

Remember: You must use the most appropriate functions for the context. If you’re sanitizing email, use sanitize_email(), if you’re outputting HTML, use esc_html(), and so on.

An easy mantra here is this:

Sanitize early
Escape Late
Always Validate

Clean everything, check everything, escape everything, and never trust the users to always have input sane data. After all, users come from all walks of life.

Example(s) from your plugin:

app/Hametuha/Hamail/API/MarketingEmail.php:78: update_post_meta( $post_id, static::META_KEY_SEGMENT, implode( ',', array_map( 'trim', $_POST['hamail_marketing_targets'] ) ) );

---

We believe this to be a complete review of all issues found in your plugin. If we have no response from this email address in 6 months, we will reject this submission in order to keep our queue manageable. To keep your review active, all we ask is that you make corrections and reply.

Your next steps are:

Make all the corrections related to the issues we listed.
Review your entire code to ensure there are no other related concerns.
Attach your corrected plugin as a zip file OR provide a link to a public location (Dropbox, Github, etc) from where we can download the code. A direct link to the zip is best.

Once we receive your updated code, we will re-review it from top down.

We again remind you that should you wish to alter your permalink (aka the plugin slug), you must explicitly tell us what you want it to be. We require to you clearly state in the body of your email what your desired permalink is. Permalinks cannot be altered after approval, and we generally do not accept requests to rename should you fail to inform us during the review.

Be aware that if your zip contains javascript files, you may not be able to email it as many hosts block that in the interests of security. Also note that all version control directories (like Github) will auto-generate a zip for you.

While we have tried to make this review as exhaustive as possible we, like you, are humans and may have missed things. As such, we will re-review the entire plugin when you send it back to us. We appreciate your patience and understanding.

If you have questions, concerns, or need clarification, please reply to this email and just ask us.

Note! If you asked for a permalink change and got a reply that is has been processed, remember that these emails will still use the original display name. Don't panic. If you did not get a reply that we processed the permalink, let us know immediately.

wp_mail is O.K.
but group mail failed.

Add filter list API for users.

For now, hamail has role-based filters, but these could be expanded with filter.

e.g.

$users_lists = apply_filters( 'hamail_mailing_list', [
 'role' => '',
], wp_get_current_user() || $post->post_author );

Maybe it occurs in the process of message creation.

[Error] 400: 2020-02-16 11:05:30
------
The content value must be a string at least one character in length.
[Field]
content.0.value
[Help]
http://sendgrid.com/docs/API_Reference/Web_API_v3/Mail/errors.html#message.content.value
-----
[Headers]
HTTP/1.1 400 Bad Request
Server: nginx
Date: Sun, 16 Feb 2020 02:05:29 GMT
Content-Type: application/json
Content-Length: 219
Connection: keep-alive
Access-Control-Allow-Origin: https://sendgrid.api-docs.io
Access-Control-Allow-Methods: POST
Access-Control-Allow-Headers: Authorization, Content-Type, On-behalf-of, x-sg-elas-acl
Access-Control-Max-Age: 600
X-No-CORS-Reason: https://sendgrid.com/docs/Classroom/Basics/API/cors.html

Create subscription form with short code or something.

Allow to create scheduled email.

Same editor, but having schedule.
UI for setting schedules up.

Trying to send a new email, it fails.
Maybe because of wp_mail highjacking is

Add mailbox feature.

https://sendgrid.kke.co.jp/docs/Tutorials/E_Receive_Mail/receive_mail.html

• Make endpoint(webhook) for parse API.
• Assign each mail address for users.
• system mail handling(no-reply)
• Integrate mail sender

• Add easy link to subscription news letter.

Enter placeholder API.

Which will be converted to dynamic things.
Shortcode API or Block based API.

e.g.

[post_list range=weekly]

• Add CC and BCC for user contact.
• Add default value filter.

Now it's not possible to paginate user list.

Add pro features.

Expected result

• Plugins will be light and pro.

What to implement

• Generate 2 readme.txt with wp-readme.
• Add 2 directory light and pro.
• Add Single Bootstrap point for pro and right.
• 2 build files.

• Select Template per post

Add a quick link to contact list.

• Framingo
• Jetpack

Maybe, failed to highjacking wp_mail

• System mail
• User registration
• Comment link

• Add feature to register automated Email
• Send email if filter is fired.
• API to toggle ON/OFF